Citrix has launched patches to tackle a vulnerability in the ADC tool. The vulnerability, referred to as CVE-2019-19781, affects Citrix Software Supply Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP.
“The scope of this vulnerability includes Citrix ADC and Citrix Gateway Digital Home Equipment (VPX) hosted on any Citrix Hypervisor, ESX, Hyper-V, KVM, Azure, AWS, GCP or a Citrix ADC Provider Equipment Supply (SDX) “Says the company.
At the time of its unveiling, the protection flaw had not released a patch while about 80.000 organizations in 159 countries were at risk, said Mikhail Klyuchnikov, who initially reported the problem.
Citrix also released some tips until the patch was released.
Citrix ADC and Citrix Gateway model 13.zero, Citrix ADC and NetScaler Gateway model 12.1, Citrix ADC and NetScaler Gateway model 12.zero, Citrix ADC and NetScaler Gateway model 11.1 and Citrix NetScaler ADC and NetScaler Gateway 10.five, and all supported builds are affected, along with SD-WAN WANOP 10.2.6 and 11.zero.three product variants.
It is worth noting that once GitHub released its exploit code, the attacks became a trivial affair.
This prompted Citrix to release a timetable of expected fixes, with patches for versions 13 and 12.1 on January 27, January 31 for 10.five and January 20 for versions 12 and 11.1.
Fixes for ADC versions 12 and 11.1 were released today. The safety advisory states that users should immediately “patch” patches, noting that if some ADC variants are used, IT admins should check for patches that have been launched for various builds.
“These fixes are additionally observed in Citrix ADC and Citrix Gateway Digital Home Equipment (VPX) hosted on any of the ESX, Hyper-V, KVM, XenServer, Azure, AWS, GCP or Citrix ADC Provider Equipment Supply (SDX). SVM on SDX doesn’t need to be up to date, ”Citrix said. “It is important to update all versions of Citrix ADC and Citrix Gateway 11.1 (MPX or VPX) to create 188.8.131.52 to configure protection vulnerabilities. As well as the cases of Citrix ADC and Citrix Gateway 12.zero (MPX or VPX) to run version 12.zero.63.13 to put the vulnerability fixes protection. “
In addition, Citrix has reduced the waiting time for worm repair to several versions. Citrix ADC additions for the 12.1, 13 and 10.five models are now expected on January 24 and a Citrix SD-WAN WANOP patch could also be released on the same day.
Citrix has provided another tool verification for IT admins to check that the corrections were made correctly.
How useful was this post?
Average rating / 5. Vote count:
No votes so far! Be the first to rate this post.
Citrix: Releases patches for critical vulnerability! was last modified: January 20, 2020, 5: 21 by